Update 17/05/2017: The deal between Google's AI company DeepMind and the NHS Royal Free hospital has been strongly criticised by the health service's data body.

ADVERTISEMENT

It has emerged that in February 2017, Dame Fiona Caldicott, the National Data Guardian, sent the NHS hospital's medical director a letter saying the access of 1.6 million patient records given to DeepMind was on an "inappropriate legal basis".

The letter, first seen by Sky News, says Caldicott believes the data deal was "for the testing of the Streams application" and "not for the provision of direct care to patients.

READ NEXT

GDPR will change data protection – here's what you need to know

ByMatt Burgess

The NHS hospital said it welcomes guidance from the Data Guardian on the issue and is awaiting the decision of the Information Commissioner's Office (ICO) on the agreement. A DeepMind spokesperson told The Guardian it wants to "become one of the most transparent companies" working with the NHS' IT systems.

In an email to WIRED, Julia Powles, who has written an academic paper on the data deal, said: "All eyes are now on the ICO and the completion of their comprehensive review".

ADVERTISEMENT

READ NEXT

Take cybersecurity away from spies... for everyone's sake

ByEmily Taylor

This is not the first time criticisms have been raised about the deal, announced in 2015, but they are the first to be presented in a research paper, written by the University of Cambridge's Julia Powles and Hal Hodson, a technology correspondent at The Economist. In particular, the open-access paper says the agreement "should serve as a cautionary tale".

DeepMind hits back at criticism of its NHS data-sharing deal

"Given it is a flagship deal in AI, innovation, and data-driven healthcare, it was worth probing further," Powles tells WIRED. "I actually think there has been a very narrow discussion about this.

"It's easily characterised into privacy critics and big innovators. What we're trying to say is that innovation in this space requires a much more visionary approach from regulators, from companies, and the public, than we've seen with this deal."

READ NEXT

How secure is Apple's FaceID system? Very, but not totally

ByAndy Greenberg

The paper claims there is little information about what is being done with patient data; too much data being transferred for the publicly stated needs; those people included in the data were not informed; regulators have not issued any comments; and other issues.

It specifically discusses the data-sharing agreement agreed between the NHS and DeepMind in 2015. The deal allows the processing of patient data to be used in the Streams app, which monitors for signs of kidney problems and is being used in the Royal Free London NHS Foundation Trust and other hospitals. A recent report claimed that the app is saving nurses 'two hours' per day.

In response to the paper, Google-owned DeepMind and the Royal Free hospital have said there are errors in the work.

"This paper completely misrepresents the reality of how the NHS uses technology to process data," the statement explains. "It makes a series of significant factual and analytical errors, assuming that this kind of data agreement is unprecedented". However, the pair has not publicly stated what these analytical errors are.

Since the agreement was announced, it has been re-written. In fact, Powles says the original has been "torn-up and replaced".

ADVERTISEMENT

The detailed, 14,000 word paper says the original agreement "has suffered from a lack of clarity and openness" and the issue of privacy around the deal has been raised during the process.

Since the app was unveiled, there have also been questions about how patient data is processed. Previously, DeepMind clashed with privacy and data protection experts over the issues with disagreements over the legal aspects.

The mostly-silent centre of arguments is the Information Commissioner's Office (ICO), which oversees data protection issues in the UK. The body has been investigating the DeepMind and NHS deal since initial complaints were made. The ICO confirmed to WIRED that its investigations into the sharing of patient information was close to finishing.

"We continue to work with the National Data Guardian and have been in regular contact with the Royal Free and Deep Mind who have provided information about the development of the Streams app," the ICO said. "This has been subject to detailed review as part of our investigation. It’s the responsibility of businesses and organisations to comply with data protection law.”